MythX is Real!

Our MythX security analysis API (docs.mythx.io) launched in public beta this past week! It’s free for anyone to use, for a limited time.

MythX is a security analysis platform for Ethereum smart contracts. It allows any developer or development team to run a comprehensive range of industry-leading analyses on smart contracts, using an input fuzzer, a static code analyzer, a linter, and a symbolic analyzer, all accessible through an easy-to-use API.

IBM “X-Force Red” Launches Blockchain Cybersecurity Service

With worldwide spending on blockchain solutions forecasted to reach $9.7 billion by 2021, the number of blockchain implementations will likely grow exponentially across all industries.[1] Meanwhile, the benefit of the network effect inherent to blockchain networks means they include broad, decentralized ecosystems of organizations, which in turn offers different attack vectors than traditional applications and creates opportunities for cybercriminals seeking to manipulate or monetize the data being shared on the blockchain.

IBM X-Force Red is seeing that 70 percent of solutions that incorporate blockchain rely on traditional technologies for backend processes like authentication, data processing and Application Programming Interfaces (API). The X-Force Red Blockchain Testing service will evaluate the whole implementation including chain code, public key infrastructure and hyperledgers. X-Force Red will also test backend processes, applications and physical hardware used to control access and manage blockchain networks.

EIP: mandatory “Security Considerations” for EIPs

This week in the “wow, that makes a lot of sense” category, my colleague tintinweb drafted a meta-EIP that would require all EIPs to include a ‘Security Considerations’ section.

As an interesting historical note, the EIP (Ethereum Improvement Proposal) process was inspired by BIPs (Bitcoin Improvement Proposals)… which were inspired by Python’s PEPs (Python Enhancement Proposals)… which were inspired by the IETF’s RFC process (Internet Engineering Task Force / Request For Comments). RFCs do have a Security Considerations section; unfortunately, somewhere on the path from RFC to EIP, it seems to have been forgotten.

Another recent proposal (eth-magicians.org), which is nicely complementary, suggests instituting a “defined review period time where the specific purpose is security”.